Netgear/Linksys to Cisco 3005 Concentrator problem
We are having problems setting up a LAN-LAN IPsec tunnel between a Netgear VPN router (the clients) and our 3030 concentrator. It is set up as IPsec with pre-shared keys, using MD5 and 3DES. What I am seeing is IPsec phase 1 completion, but the device fails on phase 2, with the error of being unable to satisfy the SA request of the Netgear router. SAs on both sides look the same.
1. Has anybody had the Netgear VPN routers connect to a VPN concentrator as a LAN-LAN tunnel?
2. What is the message (we were getting initially) of "Malformed payload"?
3. Will this also work if the VPN concentrator local network is not directly attached (i.e. will the concentrator still proxy ARP)?
Inside Netgear device address: 192.168.1.0/24
Outside Netgear device address: 202.XXX.YYY.0/24
Inside VPN 3030 device address: 128.AAA.BBB.0/24
Outside VPN 3030 device address: 128.AAA.BBB.1/32
(the 3030 is single armed)
Address to connect to (128.AAA.CCC.10) is attached to 128.AAA.BBB.0/24 network via a router.
Re: Netgear/Linksys to Cisco 3005 Concentrator problem
As the VPN concentrator is one-armed (the private interface is also the public), I can only assume the VPN concentrator creates host routes for each of the addresses in the inside range, excluding the outside address (not truly a 128.AAA.BBB.0/24).
We currently use this for our PPTP VPN (internal wireless) without problems.
Address to connect to is the end host the clients are trying to connect to by using the LAN-LAN tunnel as an encrypted bridge.